Thanks for your great latest MQTT Paho Demo with the broker link of broker.hivemq.com example. The demo file explains very well how to get the XDK110 connected to the broker with the topic DK110/<MQTT_CLIENT_ID>/Data/Stream. I can receive the sensor data at one-second intervals.

However, when I used my AWS IoT broker link and port 8883, the XDK cannot work well and cannot even get connected to the AWS IoT broker server. I think it is because AWS IoT has additional security credential keys. There are three keys that must be attached in the XDK firmware: privkey.pem, cert.pem and aws-iot-rootCA.crt. Please see the following example:

Adding certificates to your connection will require a bit of work. I will give you a rough outline on what to do, and where to find further information on this.

In your MQTT Paho demo project, there are two files in source/paho/XDK called mqttXDK.c and mqttXDK.h. They define the interaction between the actual MQTT Protocol files provided by Eclipse Paho (in source/paho) and the simplelink API, responsible for sending and receiving the actual messages.

You will notice that mqttXDK.c defines a function called TLSConnectNetwork() (as a secure pendant to ConnectNetwork()). It has some additional inputs, which you will have to provide. Those are the certificates (stored in a variable of type SlSockSecureFiles_t), the security method, the cipher, and a char called server_verify (0 should be used for this).

The function ConnectNetwork() is used in mqttPahoClient.c to connect to the broker. You have to replace this function with TLSConnectNetwork() and define the new inputs.

All relevant information regarding the certificates, the security method and the cipher, can be found in the header-file socket.h, which is located in your project at SDK/xdk110/Libraries/WiFi/TI/simplelink/include/socket.h.

The security method and the cipher can be chosen from predefined values inside socket.h. Regarding the certificates, I believe you have to flash them to the XDK's memory first, and then insert the filenames inside the certificates array. The array is a field of the SlSockSecureFiles_t. The order of files is also defined as:

Thanks for your immediate reply. I really appreciate it. Also thanks for your very informative details.

However, after digging up more information from the HTTPS guide at xdk.io/guides, I still cannot get things done. Perhaps the HTTPS guide is not a good guide, because it does not explain things clearly and is not a complete guide either. Perhaps this guide needs to be revised again, otherwise the users will get lost.

Anyway, like I have mentioned earlier that if I have three certificates: 1. aws-iot-rootCA.crt (similar to digicert root certificate in the HTTPS guide) 2. cert.pem 3. privkey.pem

Do these three certificates need to be converted into hex format files and saved as .der?

Is it necessary to flash these three certificates into SD card memory or into the project folder?

There are three related files, mqttXDK.c, mqttPahoClient.c and socket.h, as you mentioned earlier. Which one needs to be configured to include the certificate names?

Can you make some changes in these files to include these three certificates (or only one) for me to test? Let us try to configure them together and see whether it works.

For the AWS IoT configuration, I actually followed the example in the following link:

While the HTTPS guide may be confusing for MQTT, it is appropriate for HTTPS. In any case, I will try to further elaborate what to do, in a tutorial-like manner.

--- Changes to mqttPahoClient.c ---

First, add the include for "socket.h" at the top of the implementation file, to the other includes. (#include "socket.h"). This will enable us to access the constant definitions and types from socket.h.

Create a global variable of type SlSockSecureFiles_t, called certificates.

Inside the function clientInit(), add the line flashCertificates(); before ConnectNetwork(...);. Inside flashCertificates(), the certificates will be flashed onto the XDK.

The next change will be from ConnectNetwork(&n, MQTT_BROKER_NAME, MQTT_PORT); to TLSConnectNetwork(&n, MQTT_BROKER_NAME, MQTT_PORT, certificates, SL_SO_SEC_METHOD_TLSV1_2, NULL, 0); As I mentioned before, TLSConnectNetwork() is the secure pendant to ConnectNetwork(). The variable certificates will hold the certificates. The next input, SL_SO_SEC_METHOD_TLSV1_2, is the security method, which I derived from the tutorial you mentioned in your last post. The next input field, which is currently set to NULL, is the cipher. I don't know which to use, but I think inserting NULL will be alright (as I mentioned before, I didn't try it out myself yet, details are up to you essentially).

--- flashCertificates() ---

Inside mqttPahoClient.c, create a function called flashCertificates(). It should have the return-type void and accept no inputs.

This function will essentially flash your certificates to the memory. The same procedure as with the certificate in the HTTPS guide. For every certificate file, extract the hexadecimal values with a tool of your liking (as seen in HTTPS guide) and make the appropriate defines at the top of mqttPahoClient.c. For example:

This will flash the certificates to memory, one after another. As a last step, we fill the variable certificates with the filenames like this:

certificates.secureFiles[0] = "appropriate filename";

Replace appropriate filename with the correct filename. secureFiles is an array with 4 fields. The first field (index 0) should be the privkey, index 1 is cert and index 2 is aws-iot-rootCA (you can see the order in my last post). Just in case, leave index 3 empty, or fill it with NULL or just "" (empty string).

I think this is all you have to do. Try it out and tell me of your progress. If any detail is missing, feel free to ask again.

On this step, keep in mind that I have not included error handling. For example, if a file was not created, the fileHandle will stay 0 after calling sl_FsOpen. Consequently, the file cannot be written to. I recommend handling that case specifically, and actually aborting the entire flashing process. If one of the files cannot be created, it probably already exists, which shouldn't be the case the first time you are running the application. If it does already exist, but has to be fixed, use the function sl_FsDel((_u8*) YOUR_FILE_NAME, 0) to delete each of the files.

Additionally, I have added variables for writtenLen as a return for each call of the function sl_FsWrite(). It would be useful to check what the actual written length was. If it is less than the length of your key, then this part has to be rewritten to write the key in two steps. Therefore I recommend adding printf statements like this:

This essentially has the same effect as what was intended with the certificates-variable, but in a straight-forward manner, by setting each file directly. Do implement these changes, and report back. Also, try simply building the project, without running or flashing it, by right-clicking the project in the Project Explorer, and then selecting Build Project. If errors occur during the build-process, they will be printed to the console. If only warnings are left (and not errors), the application can be flashed.

The errors regarding unresolved variables can be solved by right-clicking your project, browsing down to Index and then clicking Rebuild. This issue only occurs because the XDK Workbench's static checks cannot find the variables and types. The compiler will still be able to find them.

Regarding your second error, undefined reference to flashCertificates in mqttPahoClient.c: this is because you defined the function with the name flashCertificate(), but you use the function with the name flashCertificates(). To solve this, either rename the function's definition to flashCertificates() or rename the function's call inside the function clientInit() to flashCertificate().

Afterwards, your code should be able to be built without any issues.

Please let me know if this was helpful and do not hesitate to ask if you have further questions.

Great work - if you finally have a working solution, please let me know and I will try to do this also.

Amazon AWS - I actually do a lot of stuff here also with XDK, Alexa, Firestick... At the moment I have my own applications (MQTT and HTTP) running - they communicate with the XDK - and my software is able to send data to the Bosch IoT Cloud, Relayr Cloud, my own cloud, Cayenne, DeviceBit, Adafruit, Blynk ... etc. This was my power gateway solution to get rid of the XDK problems sending its data directly.

This code will write the 1024 bytes, and then the rest of the bytes that have not been written yet. Remember to rename the variables for each file, this example shows the rootCAfile. Do this for the privkey and cert accordingly.

The prints should respectively sum up to each file length. For example, it should be 1758 for the rootCA file.
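The length check and stepwise write described in the posts above, together with the advice to abort when a file handle stayed 0, as an added example that is not code from the thread or from the XDK SDK. The names write_all, write_fn, fake_write and demo are hypothetical; the callback stands in for a wrapper around sl_FsWrite() and its signature is an assumption. It goes beyond the two-step case by looping until every byte is written, and the sample certificate buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CHUNK_MAX 1024u  /* bytes attempted per write call, as in the thread */
/* Stand-in for a wrapper around sl_FsWrite (signature assumed): bytes written or <0. */
typedef int32_t (*write_fn)(int32_t handle, uint32_t offset,
                            const uint8_t *data, uint32_t len);

/* Writes len bytes in chunks; returns the total written, or <0 so the caller aborts. */
int32_t write_all(write_fn wr, int32_t handle, const uint8_t *data, uint32_t len)
{
    uint32_t done = 0;
    if (handle == 0 || data == NULL) return -1;  /* open failed: handle stayed 0 */
    while (done < len) {
        uint32_t want = (len - done > CHUNK_MAX) ? CHUNK_MAX : len - done;
        int32_t got = wr(handle, done, data + done, want);
        if (got <= 0 || (uint32_t)got > want) return -2;  /* error or no progress */
        done += (uint32_t)got;  /* advance by what was really written */
    }
    return (int32_t)done;
}

/* Constructed test double: a RAM "file" accepting at most fake_cap bytes per call. */
static uint8_t fake_file[4096];
static uint32_t fake_cap = 1024, fake_calls = 0;
static int32_t fake_write(int32_t h, uint32_t off, const uint8_t *d, uint32_t n)
{
    (void)h; fake_calls++;
    if (fake_cap == 0 || off + n > sizeof fake_file) return -1;
    if (n > fake_cap) n = fake_cap;  /* short write */
    memcpy(fake_file + off, d, n);
    return (int32_t)n;
}

/* Flashes a constructed 1758-byte buffer (the rootCA length quoted in the thread). */
int32_t demo(uint32_t cap, int32_t handle)
{
    static uint8_t cert[1758];
    for (size_t i = 0; i < sizeof cert; i++) cert[i] = (uint8_t)(i * 7u);
    fake_cap = cap; fake_calls = 0; memset(fake_file, 0, sizeof fake_file);
    int32_t r = write_all(fake_write, handle, cert, sizeof cert);
    return (r == 1758 && memcmp(fake_file, cert, sizeof cert) != 0) ? -3 : r;
}

int main(void)
{
    int32_t r = demo(1024, 1);
    return printf("written=%d calls=%u\n", (int)r, (unsigned)fake_calls) < 0;
}
```

A negative return from write_all is the signal to stop flashing the remaining files rather than continue with a truncated key or certificate.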

At this point, I am quite sure that the certificates are flashed correctly onto the XDK. They also seem to be set as security options correctly. I would like to know how you verified whether the XDK can connect or not.

To verify whether your XDK connected, I recommend to take a look at the return code of MQTTConnect(). This function is called in mqttPahoClient.c inside the function clientInit() some lines below TLSConnectNetwork().

If the return code is a negative number (either -1 or -2), an error occurred. If it is exactly 0, the connection was successful. If it is -1, I recommend enabling logging in your AWS IoT setup, so that you will be able to verify whether the broker actually receives a connection attempt by the XDK.

At this point, it is difficult to provide an accurate diagnosis of the issue, since it is no longer related to building or programming the application, but a networking issue instead. Therefore, I cannot pinpoint the problem to whether your certificates are the problem or if the topic does not match.

Unfortunately, the MQTT Paho demo mentioned in this thread has no longer been available for download in the XDK community since the release of XDK-Workbench 3.0.0.

If you require the functionality to send sensor data over MQTT to AWS then you would need to implement that on your own.

For that, you can use the explanations I made in this thread here. There I explained in detail what is required to make a connection over MQTT to the AWS IoT Core, but I assume the same principles apply to your use case too.

Please let me know if this was helpful and feel free to ask if you have further questions.